boklm pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build

Commits: 6d8e1d6f by Nicolas Vigier at 2024-10-30T17:46:21+01:00 Bug 41243: Add apparmor profile to deb package

- - - - -

4 changed files:

- projects/linux-packages/config - + projects/linux-packages/debian/apparmor.in - projects/linux-packages/debian/control.in - projects/linux-packages/debian/rules.in

Changes:

===================================== projects/linux-packages/config ===================================== @@ -36,6 +36,7 @@ targets: - dpkg-dev - debhelper - dh-exec + - dh-apparmor # Packages needed to generate dependencies for the deb package - linux-libc-dev - libasound2-dev @@ -148,6 +149,10 @@ input_files: enable: '[% c("var/build_deb_pkg") || c("var/build_rpm_pkg") %]'

# Debian Package + - filename: debian/apparmor + content: "[% INCLUDE 'debian/apparmor.in' %]" + refresh_input: 1 + enable: '[% c("var/build_deb_pkg") %]' - filename: debian/changelog content: "[% INCLUDE 'debian/changelog.in' %]" refresh_input: 1

===================================== projects/linux-packages/debian/apparmor.in ===================================== @@ -0,0 +1,14 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# AppArmor policy for [% c("var/system_pkg/pkg_name") %] + +abi <abi/4.0>, +include <tunables/global> + +profile [% c("var/system_pkg/pkg_name") %] /[% c('var/system_pkg/install_path') %]/[% c("var/projectname") %].real flags=(unconfined) { + userns, + + # Site-specific additions and overrides. See local/README for details. + include if exists <local/[% c("var/system_pkg/pkg_name") %]> +}

===================================== projects/linux-packages/debian/control.in ===================================== @@ -2,7 +2,7 @@ Source: [% c("var/system_pkg/pkg_name") %] Maintainer: [% c("var/Project_Name") %] Developers torbrowser@torproject.org Priority: optional Section: web -Build-Depends: debhelper (>= 9) +Build-Depends: debhelper (>= 9), dh-apparmor

Package: [% c("var/system_pkg/pkg_name") %] Architecture: [% c("var_p/system_pkg/deb_archs").join(" ") %]

===================================== projects/linux-packages/debian/rules.in ===================================== @@ -12,3 +12,8 @@ override_dh_strip:

override_dh_shlibdeps: dh_shlibdeps -Xabicheck[% IF c("var/tor-browser") %] -l$(CURDIR)/debian/[% c("var/system_pkg/pkg_name") %]/[% c('var/system_pkg/install_path') %]/TorBrowser/Tor[% END %] + +override_dh_install: + mkdir -p debian/[% c("var/system_pkg/pkg_name") %]/etc/apparmor.d + cp debian/apparmor debian/[% c("var/system_pkg/pkg_name") %]/etc/apparmor.d/[% c("var/system_pkg/pkg_name") %] + dh_apparmor --profile-name=[% c("var/system_pkg/pkg_name") %] -p[% c("var/system_pkg/pkg_name") %]

View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/6d...